According to development of recent network technologies, although the utilization of WWW (World Wide Web) that is a distribution system on the Internet has been rapidly expanded and various HTTP servers providing information have been progressively increased, illegal accesses have also increased in accordance with the increase of the number of servers.
This type of illegal access may include detecting a security hole on a network to invade and attack a system via the security hole. In this case, the security hole is detected through a procedure in which (1) an operating host is detected, (2) services offered are detected, (3) network configuration is detected, (4) OS is identified, (5) application software are identified, and (6) the security hole is detected. Thereafter, an illegal access is made by generating a system error, for example, by sending a large number of packets to the target system by utilizing many stepping-stone sites.
It is impossible to differentiate such an illegal access from the ordinary access. Therefore, it is usually difficult for a system manager to detect an illegal access until invasion and attack have been made.
Conventionally, when it is recognized that large number of packets are being received, it is considered that an illegal access is about to be made. In this case, a countermeasure is adopted for minimizing actual damage due to the illegal access as fast as possible.
However, once attack is started, it is extremely difficult to defend this attack. Even if appropriate countermeasures are taken, the website has to be disadvantageously closed temporarily. Particularly, in a website continuously providing services for a large number of users such as banks and transport facilities, the influence due to closing of the website affects various areas, and there is a possibility that enormous actual damage is brought.
Thus, how to minimize the damage by such illegal access has become a significant problem, and desirably, a configuration in which no damage occurs even when an illegal access is performed is needed.